[5.1.x] Fixed #35678 -- Removed "usable_password" field from BaseUserCreationForm.

Refs #34429: Following the implementation allowing the setting of unusable passwords via the admin site, the `BaseUserCreationForm` and `UserCreationForm` were extended to include a new field for choosing whether password-based authentication for the new user should be enabled or disabled at creation time. Given that these forms are designed to be extended when implementing custom user models, this branch ensures that this new field is moved to a new, admin-dedicated, user creation form `AdminUserCreationForm`. Regression in e626716c28. Thanks Simon Willison for the report, Fabian Braun and Sarah Boyce for the review. Backport of 0ebed5fa95 from main.
2025-11-07 07:15:35 +00:00 · 2024-08-15 10:27:24 -03:00
parent cfad0655c2
commit da22e6cb3c
6 changed files with 174 additions and 88 deletions
--- a/docs/releases/5.1.txt
+++ b/docs/releases/5.1.txt
@@ -118,11 +118,11 @@ Minor features
 * The default ``parallelism`` of the ``ScryptPasswordHasher`` is 
  increased from 1 to 5, to follow OWASP recommendations.

-* :class:`~django.contrib.auth.forms.BaseUserCreationForm` and
-  :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now support
-  disabling password-based authentication by setting an unusable password on
-  form save. This is now available in the admin when visiting the user creation
-  and password change pages.
+* The new :class:`~django.contrib.auth.forms.AdminUserCreationForm` and
+  the existing :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` now
+  support disabling password-based authentication by setting an unusable
+  password on form save. This is now available in the admin when visiting the
+  user creation and password change pages.

 * :func:`~.django.contrib.auth.decorators.login_required`,
  :func:`~.django.contrib.auth.decorators.permission_required`, and